Where/How to post Procedure for setting up Dual Wan for current Snapshot?

Vescovo

Hi all,
Since pfsense is new to me I can probably document the current procedure for setting up a dual wan configuration from scratch. Please let me know the best way that this can be done. The procdeure should be vetted by the experts before it is posted. This is the link http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing

sullrich

Use this as a starting point:
http://www.pfsense.com/mirror.php?section=tutorials/policybased_multiwan/policybased_multiwan.pdf

Vescovo

Hi Scott
Hoba indicated that one was out of date. I did look at it initially to get a an indication on how to set up pfsense. 
The questions are

1. can the documentation be a word Doc?
2. where should it be posted?
   Fred

sullrich

It can be a word document, but we would convert it to PDF.

We can post it on the pfSense.com site.  Not sure why he is saying its out of date, the procedure is the same.

hoba

To stop some confusion. There is another pdf describing loadbalancing which is outdated and a bit confusing. That one is not linked anymore. This tutorial is actually fine though the outbound nat part is optional as long as you don't need it because of using virtual IPs for example.

Btw, with the new failoverpool capabilities you rather might want to create failoverpools instead of using single gateways for policybasedrouting.

Vescovo

Hi Scott and Hoba,
In my case both Balance and Failover pools were created and Outgoing NAT was NOT used and no Virtual IPs were set up. The majority of the work was performed by pfsense except when it came to creating the large NATs for the servers.

What appears missing is a walkthrough from start to finish for a User not familiar with pfsense.
As an example, the word Snapshot conveyed to me that the code was to be used for development testing only. In fact it appears to be stable code that has been patched with current fixes. I would be probably still trying to figure out how to load balance if I had not started using the current snapshots. The information is there but you really have to dig for it.  With the snapshot it was all done for you. In fact it was so easy I wonder if I missed something?

What I would document is a dual Wan configuration using Routers on each Wan port;
a) without a server on the Lan Side
b) with a Server on the LAN side

Should I attempt this?

hoba

We encourage everybody helping out with documentation. Either work at http://doc.pfsense.org or whipe up a tutorial that we can publish at http://pfsense.com/index.php?id=36 (pdf or wink both welcome).

Vescovo

The Dual Wan Documentation page has been updated. Most of the information required was already on this page but even I, who always reads the documentation first, missed these pages and went directly to the tutorials. You may want to reposition this page where it is easier to find for someone wanting a Quickstart guide to dual wans. This is the link for the new documentation http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing

hoba

Thanks for working on it!  :)

Pootle

I'm just setting this up now after upgrading to snap 02-02-2007, I've got load balancing working, just got to put in the failover part now.

I'm just wondering if the load balancing software could (or perhaps the pfsense configuration code set things up), automatically adjust things when 1 element of the pool goes down, and just route all traffic through the remaining elements of the pool? This would be the noob behaviour, advanced users could still control things in detail if they wanted to.

The way it currently is, it seems to me though that this is going to get very complex once you have more than 2 WANS, with 3 for example you need 3 pools to allow for each single WAN failing, and also really you should also have another 3 pools for when any 2 of the 3 have failed.  This might be seem a bit overkill, but I can easily see situations where multiple ISPs fail, because they share some common infrastructure, for example if you have 2 ADSL connections and 1 cable connection, the 2 ADSL could easily go down at the same time.

Notionally you need 3 pools for 2 WANs, 7 pools for 3 WANs and 15 pools for 4 WANs ( or is it 25? ).  Don't want to think what happens for 5 or more!

hoba

I don't think someone will use THAT many WANs. imo it's rather nice the way it is now and it gives you full control. The only thing that could be enhanced is to have a way to resort the poolmembers for failoverpools without the need of deleting and adding them back (this is more or less cosmetic). Another nice addition would be to automatically update the monitor IPs for dynamic connections.

Vescovo

@hoba:

Another nice addition would be to automatically update the monitor IPs for dynamic connections.

Hoba, hopefully I can figure out how to get the information from the modem/routers without resorting to "device specific code". Since my ISP does "dual wan outgoing load balance" on my connection, that is 2 gateways, this update is essential to check for a real failover condition.

@Pootle:

This might be seem a bit overkill, but I can easily see situations where multiple ISPs fail, because they share some common infrastructure,

My understanding of how the pools work is that if there are 3 items in a Balancing pool, that pool will be balanced amongst the active items and if there are 3 items in a Failover pool, that pool will failover to the next item in the active  list. Will this not take care of the situation you mentioned?

for example if you have 2 ADSL connections and 1 cable connection, the 2 ADSL could easily go down at the same time.

We are in agreement.  This setup, exactly, is being tested and it will be documented once real results are achieved.

Pootle

My understanding of how the pools work is that if there are 3 items in a Balancing pool, that poll will be balanced amongst the active items and if there are 3 items in a Failover pool, that poll will failover to the next item in the active  list. Will this not take care of the situation you mentioned?

Note quite sure I follow this, but leave it for now - its late and I'm still learning.

We are in agreement.  This setup, exactly, is being tested and it will be documented once real results are achieved.

Excellent !!

I've got failover working now and have tested and all looks to work fine.

Just 1 question in the meantime I hope has a simple answer  :)

What gateway do I choose if I want traffic (from LAN) to favour a particular WAN link, but be able to fail over to the other?

(I understand that choosing the balanced pool can use any WAN as it sees fit,
and that using a specific gateway (for example 192.168.0.1) will force traffic to that WAN connection - which will mean nothing happens if that link fails
If I use a failover gateway, will that favour the first WAN connection mentioned, but then use the other(s) in order when the first fails?)

hoba

Yes, just build a failoverpool for that. It will always use the first available gateway in the list and only failover to the next one if the above gateway(s) are down.

Pootle

I've done this diagram which I think explains the various ways in which a load balancing setup with the new failover capability can be used.  Is this right?

Its all working like a charm now, and it is not wrongly reporting link down either.  ;D

Vescovo

Hey Pootle, that's an excellent diagram. Why don't you add it to the DOC example. The only difference is the DOC sets the the WAN1(192.168.0.2) and WAN2(192.168.2.2) and The modem/routers to 192.168.0.254 and 192.168.2.254. If you can make those changes it will be consistent with the rest of the DOC.

Pootle

KK, I'll do it in the morning  ;D

Pootle

@Vescovo:

Why don't you add it to the DOC example.

Like this?  http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing

btw its from a visio diagram, if anyone wants the visio file, I'm happy to send it…

Vescovo

Hi Pootle,  :-[ Unfortunately, I was not specific enough.
In the pfSense Box where you have Gateway 192.168.0.1 it should read 192.168.0.254
In the pfSense Box where you have Gateway 192.168.2.1 it should read 192.168.2.254

At the edge of the pfSense box where you have 192.168.0.254 it should read 192.168.0.2
At the edge of the pfSense box where you have 192.168.2.254 it should read 192.168.2.2

At the entrance to the modem/ routers where you have 192.168.0.2 it should read 192.168.0.254
At the entrance to the modem/ routers where you have 192.168.2.2 it should read 192.168.2.254

To insert the image "in-line" where you thought it would be most helpful you click the image ikon in the menu. It will put code in that looks like this [[Image:Example.jpg]].
You then preview the document. Go to the link where you place the example.jpg. You will not see the image. Click the link. It will take you to a page where you can download the image. Name the image something sensible. Once you save the image it appears where you want it.

To deteremine the location, ask yourself where the image would be most helpful to you in building the pfsense box if you were doing it for the first time.

Thanks very much for contibuting. :D

Pootle

Ah! I see.  That explains why I got confused reading the guide  :D

I've uploaded a new version, can you check it's now got the right addresses?  If OK, then I'll look at editing the page.